Description
A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php.
Published: 2025-09-03
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Database Compromise
Action: Patch
AI Analysis

Impact

The vulnerability is a classic SQL Injection in the registration script of the Complaint Management System 2.0. The lack of input validation on fields such as fullname, email, and contactno allows an attacker to inject arbitrary SQL statements into database queries. This flaw could enable the attacker to read, modify, or delete application data, leading to loss of confidentiality or integrity of stored information.

Affected Systems

Customers are affected by phpgurukul Complaint Management System 2.0 as identified by the CPE cpe:2.3:a:phpgurukul:complaint_management_system:2.0. The system is vulnerable whenever the registration page is reachable. No vendor patch is listed, so internal remediation or upgraded releases must be sought.

Risk and Exploitability

The CVSS score of 7.5 categorizes this as a high severity flaw. However, the EPSS score is less than 1%, implying a very low probability of exploitation in the wild. The flaw is not listed in CISA's KEV catalog, indicating the threat level is currently low. Based on the description, the likely attack vector is remote via HTTP requests to the vulnerable registration endpoint, and the attack can be executed without special access privileges.

Generated by OpenCVE AI on April 22, 2026 at 22:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to a patched version of the system
  • Implement input validation and use parameterized queries for fullname, email, and contactno fields
  • Deploy a web application firewall or input filter to block malicious SQL

Generated by OpenCVE AI on April 22, 2026 at 22:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-26526 A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php.
History

Wed, 22 Apr 2026 22:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Complaint Management System 2.0

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
References

Mon, 08 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:phpgurukul:complaint_management_system:2.0:*:*:*:-:*:*:*

Wed, 03 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Phpgurukul
Phpgurukul complaint Management System
Vendors & Products Phpgurukul
Phpgurukul complaint Management System

Wed, 03 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
Description A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php.
References

Subscriptions

Phpgurukul Complaint Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T14:15:59.722Z

Reserved: 2025-08-17T00:00:00.000Z

Link: CVE-2025-57147

cve-icon Vulnrichment

Updated: 2025-09-03T17:22:48.576Z

cve-icon NVD

Status : Modified

Published: 2025-09-03T15:15:38.563

Modified: 2026-04-06T15:17:05.850

Link: CVE-2025-57147

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T22:30:28Z

Weaknesses